Security for logical unit in storage subsystem



Tables (Figs. 11 and 12) stipulate, in accordance with an arbitrary operation method chosen by a user, information (WWN: Worldwide Name) for primarily identifying computers (1105-1128, 1205-1207), information (GID: Group ID) for identifying a group of the computers, and the logical unit numbers (LUN) inside the storage subsystem to which access from those host computers is permitted, and the logical units are given to the host computers on that basis. The invention uses a management table inside the storage subsystem, gives a logical unit (1302) inside the storage subsystem to a host computer group that the user has grouped arbitrarily according to the desired form of operation, can decide access approval/rejection to the logical unit inside the storage subsystem in the group unit and, at the same time, can provide a security function capable of setting the connection interface in the group unit under a single port of the storage subsystem without changing the existing processing, limitations and other functions of the computers.
Description

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0001] This invention relates to a storage subsystem 
to be accessed from a computer. More particularly, this 
invention relates to an access to a logical unit inside a 
storage subsystem. 

Description of the Related Art 

[0002] The Fiber Channel protocol has been standardized in recent years, and SAN (Storage Area Network) environments using this protocol as the infrastructure have become complicated and diversified. As a result, the number and kinds of computers connected to the storage subsystem, the kinds of OS (Operating System), and the number of logical units required of the storage subsystem have drastically increased. Further, environments in which various protocols other than Fiber Channel, such as SCSI, ESCON, TCP/IP, iSCSI, etc., can be used simultaneously have been set up. Here, the term "computer" represents electronic appliances having electronic circuits that can be connected to a network.

[0003] Such an environment means that various kinds of computers gain access to one storage subsystem. The term "computer" includes so-called large-scale host computers and compact personal computers. When these various computers gain access to the storage subsystem, expressions such as "host gains access" and "host computer gains access" are used herein as appropriate.
[0004] Under such circumstances, the security function for the storage subsystem resources that relies on the OS, middleware and application software on the host side according to the prior art is not sufficient in some cases, and the need for a stronger LUN security function for preventing illegal access to logical units (hereinafter abbreviated "LU" from time to time) has increased rapidly. Incidentally, the term "LUN" represents the logical unit number inside the storage subsystem.

[0005] JP2000276406 is one of the references that 
describe means for accomplishing the security function 
to the storage subsystem resources (logical units). The 
method of this reference accomplishes the security 
function as to access approval/rejection to LUN inside 
the storage subsystem but cannot cope with diversified 
computers that gain access to a single port. In the prac- 
tical operation, therefore, the method limits the kind of 
host computers that can be managed under the single 
port to only one kind. This limitation in the practical op- 
eration cannot follow drastic expansion of the SAN en- 
vironment described above. 

[0006] To provide the logical units inside the storage subsystem to computers with the LUN security function, it is necessary to define a greater number of logical units than before under a single port of the storage subsystem and to give the logical units to host computers having a plurality of OS, to a plurality of computers having mutually different kinds of OS, and to other computers.

[0007] Nonetheless, the LUN security function in existing storage subsystems is not free from the limitation that the kind of OS must be the same even when a large number of computers that can be managed under the single port exist. Furthermore, such a function generally has the additional limitation that only one connection interface setting can be made for the host computers under the single port. One method for solving these problems would simply define a large number of logical units under the single port of the storage subsystem and divide and give the logical units as such to the plurality of kinds of OS that gain access to this port.

[0008] However, various OS of existing computers have a specification such that when access cannot be made to logical unit zero (LU0) of a storage subsystem, no inquiry at all is made thereafter for the subsequent LUs of the same system, that is, LU1 onward. Incidentally, according to the SCSI-2 standard, one system includes 8 LUs, and LU0 to LU7 belong to the same system.
[0009] Therefore, when the logical unit number (LUN) inside the storage subsystem is given as such to the host computer, the computer cannot correctly recognize the logical units as expected on the side that set the logical units.

[0010] Various OS of existing computers mostly set the upper limit of logical unit numbers recognizable under a single port to 256. In other words, even when 257 or more logical unit numbers are disposed, the computers cannot recognize the excess logical units, and this also poses a problem when the logical units inside the storage subsystem are given to the computer under a single port.

[0011] On the other hand, when a strong LUN security function is provided in a storage subsystem, the most reliable method would be one that serially checks access approval/rejection of the object LU whenever computers transmit commands. However, this creates a performance problem because the processing time in the storage subsystem (overhead for the security check) becomes greater.

[0012] It is therefore a first object of the invention to provide a storage subsystem that groups computers according to OS or into arbitrary kinds without changing the existing processing, limitations and other functions of the computers, limits the logical units to which the computers so grouped can gain access, makes it possible to set the interface in the group unit, and provides a LUN security function under a single port of the storage subsystem.

[0013] It is a second object of the invention to provide the security function described above with high-speed access judgment logic in the storage subsystem.

SUMMARY OF THE INVENTION

[0014] A storage subsystem according to the invention includes a management table describing the correspondence between information (WWN: Worldwide Name) for primarily identifying each computer (inclusive of host computers), information (GID: Group ID) for identifying the group to which the computer belongs, and the logical unit numbers (LUN) inside the storage subsystem to which access from the computer is permitted; a nonvolatile memory for storing the management table; a management table describing the correspondence between a management number (S_ID) dynamically allocated when the computer logs in to the storage subsystem and remaining effective until logout, the information (WWN) primarily identifying the computer, and the information (GID) identifying the group to which this host computer belongs; a nonvolatile memory for storing this management table; at least one input terminal for setting these management tables; at least one storage device; a storage control unit for controlling write/read of data to and from the storage device; and logical units (LUN) corresponding to storage areas of the storage device.
[0015] In this storage subsystem, a user can set the accessible LUNs and the connection interface for an arbitrary group of computers under a single port without changing the existing processing, limitations and other functions of the computers. Therefore, this storage subsystem can accomplish an access control function, that is, a LUN security function, for computer groups having a plurality of kinds of OS under a single port.

[0016] Since this storage subsystem uses the GID as identification information, obtained from the S_ID allocated at the time of login, in place of the host identification information WWN, the time required for judging the accessible LUNs is shorter than when the WWN is used, and a high-speed judgment can be made.

[0017] Other objects, features and advantages of the 
invention will become apparent from the following de- 
scription of the embodiments of the invention taken in 
conjunction with the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0018] 

Fig. 1 is a structural view of hardware in an embodiment of the present invention;
Fig. 2 shows in detail a frame format and its frame header in the embodiment of the invention;
Fig. 3 shows a login process in the embodiment of the invention;
Fig. 4 shows in detail a frame format when an Inquiry command is transmitted in the invention;
Fig. 5 shows an access inquiry sequence to a logical unit by the Inquiry command in the embodiment of the invention;
Fig. 6 is a flowchart showing an outline of a process sequence of LUN security in the embodiment of the invention;
Fig. 7 shows a format of an incomplete "LUN access management table" and its first example when the invention is not utilized;
Fig. 8 visually shows the state of Fig. 7;
Fig. 9 shows a format of an incomplete "LUN access management table" and its second example when the invention is not utilized;
Fig. 10 visually shows the state of Fig. 9;
Fig. 11 shows a format of a "LUN access management table" and its first utilization example according to the embodiment of the invention;
Fig. 12 shows a format of a "LUN access management table" and its second utilization example according to the embodiment of the invention;
Fig. 13 visually shows the effect of LUN security in the embodiment of the invention;
Fig. 14 is a flowchart showing a generation sequence of the "LUN access management table" according to the embodiment of the invention;
Fig. 15 is a flowchart showing a generation sequence of a "WWN_S_ID_GID conversion table" according to the embodiment of the invention;
Fig. 16 shows a first utilization example of the "WWN_S_ID_GID conversion table" format according to the embodiment of the invention;
Fig. 17 is a flowchart showing a LUN access approval/rejection judgment sequence for an Inquiry command transmitted by a host computer, for LUN security according to the embodiment of the invention;
Fig. 18 is a flowchart showing the continuation of the flowchart shown in Fig. 17; and
Fig. 19 shows the reference relation among the tables of LUN security according to the embodiment of the invention.

DESCRIPTION OF THE EMBODIMENT 

[0019] The present invention uses, by way of example, Fiber Channel as the interface protocol between a storage subsystem and a computer, and SCSI commands as the command set operating on that interface protocol. Incidentally, the invention is not limited to the combination of Fiber Channel and SCSI commands but can be applied to any combination of protocols and interfaces so long as they provide the functions/mechanisms of login, inquiry, logout, and so forth.

[0020] A first embodiment of the invention will be given. Initially, the features of the Fiber Channel protocol relevant to the invention will be explained.
[0021] A device having a Fiber Channel interface is referred to as a "node", and a physical terminal corresponding to an actual interface is referred to as a "port". A node can have one or more ports. The number of ports that can simultaneously participate in the overall Fiber Channel system is the maximum 24-bit address space, that is, 2^24 (16,777,216). The hardware that mediates these connections is referred to as a "fabric". In practice, transmitting ports and destination ports need only operate by taking into account information related to each other, without the necessity of taking the fabric into account.
[0022] Each node and port stores identification data that is unique worldwide and is allocated by a standardization organization (IEEE) in accordance with a predetermined rule. They correspond to the MAC addresses familiar from TCP/IP and are hardware-fixed addresses. The addresses are of two kinds, N_Port_Name and Node_Name, each eight bytes in size. N_Port_Name is a value (hardware address) unique to each port and Node_Name is a value (hardware address) unique to each node. Since these values are unique worldwide, they are called "WWN (World Wide Name)" as addresses capable of primarily identifying ports. In the examples of the invention, the term "WWN" represents N_Port_Name.

[0023] In Fiber Channel, communication is carried by signal-level information referred to as "Ordered Sets" and by logical information of fixed format referred to as "frames". Fig. 2 shows the structure of a frame. The frame 201 has 4-byte identification data representing the start of the frame, called "SOF" (Start Of Frame) 202; a 24-byte frame header 203 characterizing the control of the link operation and of the frame; a data field 204 as the data part actually to be transferred; a 4-byte cyclic redundancy code (CRC) 205; and 4-byte identification data called "EOF" (End Of Frame) 206 representing the end of the frame. The data field 204 is variable from 0 to 2,112 bytes.
[0024] Next, the content of the frame header will be explained. Reference numeral 207 represents the structure of the frame header. Here, the explanation covers only S_ID 208, which occupies bits 0 to 23 of its 32-bit word in the detailed structure 207 of the frame header 203 (in FC-PH this is word 1; word 0 carries the destination D_ID). S_ID (Source ID) 208 is 3-byte address identification data identifying the port transmitting the frame, and it has a valid value in all frames transmitted and received. FC-PH, one of the Fiber Channel standards, stipulates that the fabric allocates the S_ID during the initialization procedure. The allocated value depends on the N_Port_Name or Node_Name of each port.

[0025] Next, the login procedure of equipment of the 
transmitting party and the destination party for mutually 
exchanging information on the basis of the Fiber Chan- 
nel protocol will be described. Fig. 3 shows the ex- 
change of information between the transmitting party 
(login requesting party) 301 and the destination party 
(login receiving party) 302. 

[0026] The explanation is given for Class 3 login, though several kinds of Fiber Channel login procedures are available. The login requesting party transmits a PLOGI frame 303 to the login receiving party. This frame contains the N_Port_Name, Node_Name, S_ID and other information of the login requesting party.
[0027] The equipment at the destination takes out the information contained in this frame. When approving the login, it transmits a frame called "ACC" 304 to the login requesting party. To reject the login, on the other hand, it transmits a frame called "LS_RJT" 305 to the login requesting party.

[0028] When it detects the ACC frame responding to the PLOGI frame it transmitted, the login requesting party knows that the login succeeded and can now start I/O processing such as data transfer. When it receives LS_RJT, on the other hand, the login requesting party knows that the login is not established, and I/O processing with the corresponding login receiving party cannot be executed.
[0029] Though the explanation is given for the Class 3 login operation, the information transmitted from the login requesting party to the login receiving party in other login processes similarly contains N_Port_Name, Node_Name and S_ID.
[0030] Next, the Inquiry command, which is a standard command always supported in the SCSI command set, will be explained.

[0031] The Inquiry command asks a logical unit that is the object of I/O processing about its installation state and readiness. Fig. 4 shows the detailed structure of the data field when a frame of the Fiber Channel standard carries the Inquiry command defined by the SCSI standard. The basic structure of the frame and the frame header is analogous to that of Fig. 2. Therefore, the structure contains S_ID 405.

[0032] The data field 403 includes areas called FCP_LUN 407, FCP_CNTL 408, FCP_CDB 409 and FCP_DL 410, as represented by the FCP_CMND format 406.
[0033] FCP_LUN 407 stores the identification data of the logical volume, associated with the port at the frame's destination, that the frame transmitting party wishes to inquire about. Incidentally, the term "logical volume" represents a storage area virtually divided and numbered for convenience on a storage device (physical volume) that is the visible entity. This identification data is called the "LUN" (Logical Unit Number).

[0034] FCP_CDB 409 stores the command information called the "command descriptor block" (CDB) of SCSI when the SCSI command set is used. Here FCP_CDB 409 stores the SCSI Inquiry command information, and this information is transferred together with FCP_LUN 407 to the frame receiving party.

[0035] In other commands supported by the SCSI command set, such as the Write command and the Read command, the frame also has the structures 401 and 406 in the same way as for the Inquiry command. Therefore, these commands, too, contain the S_ID and FCP_LUN that are essential for executing the present invention.
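As an added illustration, not part of the patent text, the following Python decodes the fields of Figs. 2 and 4 on which the judgment depends: the S_ID from the frame header and the LUN and opcode from the FCP_CMND data field. The frame builder constructs a sample Inquiry frame; its SOF, EOF and CRC bytes are placeholders rather than real ordered sets, the field offsets follow FC-PH and FCP, and the first-level LUN decode covers only the peripheral-device and flat-space addressing methods.

```python
"""Added example: extracting S_ID and FCP_LUN from a Fibre Channel frame carrying FCP_CMND."""
import struct

SOF_LEN, HDR_LEN, CRC_LEN, EOF_LEN = 4, 24, 4, 4
MAX_DATA_FIELD = 2112            # data field is 0 to 2,112 bytes (Fig. 2)
FCP_CMND_LEN = 32                # FCP_LUN(8) + FCP_CNTL(4) + FCP_CDB(16) + FCP_DL(4)
TYPE_SCSI_FCP = 0x08             # TYPE field value for SCSI-FCP
INQUIRY = 0x12                   # SCSI INQUIRY opcode


def parse_fc_header(hdr: bytes) -> dict:
    """Decode the 24-byte FC-PH frame header (six big-endian 32-bit words)."""
    if len(hdr) != HDR_LEN:
        raise ValueError("frame header must be exactly 24 bytes")
    w0, w1, w2, w3, w4, w5 = struct.unpack(">6I", hdr)
    return {
        "r_ctl": w0 >> 24,
        "d_id": w0 & 0xFFFFFF,     # word 0: R_CTL | D_ID (destination port address)
        "cs_ctl": w1 >> 24,
        "s_id": w1 & 0xFFFFFF,     # word 1: CS_CTL | S_ID (fabric-assigned source address)
        "type": w2 >> 24,          # word 2: TYPE | F_CTL
        "f_ctl": w2 & 0xFFFFFF,
        "seq_id": w3 >> 24,
        "seq_cnt": w3 & 0xFFFF,
        "ox_id": w4 >> 16,
        "rx_id": w4 & 0xFFFF,
        "parameter": w5,
    }


def decode_fcp_lun(lun8: bytes) -> int:
    """First-level LUN decode for peripheral-device (00) and flat-space (01) addressing."""
    if len(lun8) != 8:
        raise ValueError("FCP_LUN is 8 bytes")
    b0, b1 = lun8[0], lun8[1]
    method = b0 >> 6
    if method == 0:                         # peripheral device addressing
        if b0 & 0x3F:                       # non-zero bus identifier: bridged target, not handled
            raise ValueError("bus identifier other than 0 not supported")
        return b1                           # LUN 0..255
    if method == 1:                         # flat space addressing, 14-bit LUN
        return ((b0 & 0x3F) << 8) | b1
    raise ValueError(f"unsupported LUN addressing method {method}")


def parse_fcp_cmnd(payload: bytes) -> dict:
    """Split an FCP_CMND IU (format 406 of Fig. 4) into its fields."""
    if len(payload) < FCP_CMND_LEN:
        raise ValueError("FCP_CMND IU too short")
    fcp_lun, fcp_cntl = payload[0:8], payload[8:12]
    fcp_cdb, fcp_dl = payload[12:28], payload[28:32]
    return {
        "lun": decode_fcp_lun(fcp_lun),
        "read_data": bool(fcp_cntl[3] & 0x02),   # FCP_CNTL byte 3, RDDATA bit
        "opcode": fcp_cdb[0],
        "cdb": fcp_cdb,
        "fcp_dl": struct.unpack(">I", fcp_dl)[0],
    }


def parse_frame(frame: bytes) -> dict:
    """SOF | header | data field | CRC | EOF -> the fields the LUN security check needs."""
    if len(frame) < SOF_LEN + HDR_LEN + FCP_CMND_LEN + CRC_LEN + EOF_LEN:
        raise ValueError("frame too short for an FCP_CMND")
    hdr = parse_fc_header(frame[SOF_LEN:SOF_LEN + HDR_LEN])
    if hdr["type"] != TYPE_SCSI_FCP:
        raise ValueError(f"not a SCSI-FCP frame (TYPE {hdr['type']:#x})")
    data = frame[SOF_LEN + HDR_LEN:len(frame) - CRC_LEN - EOF_LEN]
    if len(data) > MAX_DATA_FIELD:
        raise ValueError("data field exceeds 2112 bytes")
    return {**hdr, **parse_fcp_cmnd(data)}


def build_inquiry_frame(s_id: int, d_id: int, lun: int, alloc_len: int = 96) -> bytes:
    """Constructed sample frame; SOF/EOF/CRC are placeholders, not real delimiters."""
    header = struct.pack(">6I",
                         (0x06 << 24) | d_id,               # R_CTL 0x06: unsolicited command
                         s_id,                              # CS_CTL 0 | S_ID
                         (TYPE_SCSI_FCP << 24) | 0x290000,  # TYPE | F_CTL
                         0,                                 # SEQ_ID, DF_CTL, SEQ_CNT
                         (0x1234 << 16) | 0xFFFF,           # OX_ID, RX_ID unassigned
                         0)
    fcp_lun = bytes([0x00, lun]) + bytes(6)                 # peripheral addressing, bus 0
    fcp_cntl = bytes([0, 0, 0, 0x02])                       # read data expected back
    cdb = bytes([INQUIRY, 0, 0, 0, alloc_len, 0]) + bytes(10)
    payload = fcp_lun + fcp_cntl + cdb + struct.pack(">I", alloc_len)
    return b"SOF!" + header + payload + bytes(4) + b"EOF!"
```

A storage port applying the judgment of this patent needs exactly the pair returned here, `s_id` and `lun`; the opcode only tells it whether the answer goes back as Inquiry data or as a rejected Read/Write.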
[0036] Fig. 5 shows the inquiry sequence for a logical unit using the Inquiry command.
[0037] A host computer 501 that is to gain access to the logical unit transmits the frame 503 storing the Inquiry command to a storage subsystem 502 having the logical unit to be accessed. This frame contains the S_ID of the host computer and the LUN as the identification data of the logical unit inquired about. Here, the LUN can also be set in the Inquiry command information inside FCP_CDB besides the FCP_LUN area. The effect obtained is the same whichever of these values is used. This embodiment uses the value stored in FCP_LUN 407 as the LUN value.

[0038] Receiving the frame containing the Inquiry command, the storage subsystem 502 prepares the Inquiry data necessary for the inquiry and transmits a frame 504 containing the Inquiry data so generated to the host computer. Here the frame storing the Inquiry data is called "FCP_DATA". When the storage subsystem sets (504) either the qualifier 000 (binary) or a device type of 00 to 09 (hexadecimal) for the logical unit inquired about, the host computer that receives this Inquiry data can subsequently generate I/O for this logical unit.
[0039] As represented by 505, on the other hand, when the storage subsystem sets the qualifier 001 (binary) or 011 (binary), or the device type 1F (hexadecimal), the host computer that receives this Inquiry data 505 recognizes that subsequent generation of I/O is not possible. Therefore, it can be understood that when the storage subsystem controls the qualifier and the device type code stored in the Inquiry data, approval/rejection of access from the host computer to the logical unit of the storage subsystem can be controlled.
[0040] As described above, the method of generating the frame is basically the same for the Write command and the Read command as for the Inquiry command. Therefore, when the storage subsystem on the receiving side detects that the S_ID and LUN designated by the transmitting host computer are illegal, it can reject the access.

[0041] Subsequently, the flow of the processing in the 
invention will be described in detail. 
[0042] Fig. 1 shows the apparatus construction of an embodiment of the invention. A storage subsystem 101 includes ports 102 to 104 for the Fiber Channel interface and is physically connected to host computers 105 to 107 through the Fiber Channel interface. The host computers 105 to 107, too, have ports 108 to 112 for the Fiber Channel interface. The host computers 105 to 107 can communicate with the storage subsystem 101 using the Fiber Channel protocol. Some host computers have a plurality of Fiber Channel ports, such as 105 and 106, while another has only a single Fiber Channel port, such as 107. Several kinds of connection forms (topologies) exist between the storage subsystem 101 and the host computers 105 to 107, such as Point_to_Point, arbitrated loop connection, fabric connection, and so forth. Since the present invention does not depend on the connection form, however, the channel form is described merely as the Fiber Channel 113.
[0043] First, the storage subsystem 101 includes a microprocessor 114 for executing various arithmetic operations and processing, and also includes a plurality of storage unit groups 115, a storage control device 116 for controlling data write/read to and from these storage unit groups, and a bus 117 connecting the storage unit groups 115 to the storage control device 116.
[0044] Further, the storage subsystem 101 includes a memory 118 used as a work area for various arithmetic operations and processing, and a non-volatile memory 119 for preserving various management information and management tables. The storage subsystem 101 further includes a cache 120 as means for improving the response to the host computer.

[0045] The storage subsystem 101 includes a com- 
munication control unit 121 and is connected to mainte- 
nance terminal equipment 123 through a communica- 
tion line 122. 

[0046] The maintenance terminal equipment 123 includes therein a microprocessor 124, an input unit 125 as the interface with users and a display unit 126 for outputting processing results. The user can set the several tables defined in this embodiment through the input unit 125.

[0047] The microprocessor 114, memory 118, non-volatile memory 119 and communication control unit 121 may have a discrete construction as shown in Fig. 1 or may be disposed inside the storage control device 116. When they cannot be arranged inside the storage control device 116 due to the physical shape (size) of the cache 120, they are disposed outside and are connected through predetermined paths (lines). In this case, the storage control device 116 is disposed immediately below the ports 102 to 104 and is connected to each port through a predetermined path. The storage control device 116 can substitute for the functions exhibited by the microprocessor 114.
[0048] The maintenance terminal equipment 123 connected to the communication control unit 121 may be arranged (always connected) inside the storage subsystem 101 or may be connected (maintenance connection) through the communication line 122 only when necessary.

[0049] Fig. 6 shows the outline of the flow of processing in this embodiment.
[0050] In Step 601, a user generates, through the input unit 125 of the maintenance terminal equipment 123, a "LUN access management table" that associates the LUN (Logical Unit Number) stipulating each logical unit (LU) existing inside the storage subsystem, the WWN (N_Port_Name) of the host computers that may gain access to this LUN, and the GID (Group ID) allocated to the host computers when they are grouped into arbitrary groups. This table is held in the nonvolatile memory 119 inside the storage subsystem. The LUN in this table is what each host computer sees. The WWN of each host computer is known in advance.
[0051] In Step 602, when each host computer logs in to the storage subsystem on the basis of the Fiber Channel protocol, the storage subsystem extracts the WWN of this host computer and the S_ID from the PLOGI frame, at the same time retrieves the GID to which this WWN belongs from the LUN access management table generated by the user, generates a "WWN_S_ID_GID conversion table" and holds the table in the nonvolatile memory 119.

[0052] When the GID to which the WWN belongs cannot be retrieved from the LUN access management table, the user has not defined a host computer group to which this WWN belongs. In this case, therefore, a non-defined ID is registered as the GID of the WWN_S_ID_GID conversion table entry corresponding to this WWN. The storage subsystem executes this operation for all PLOGI frames.

[0053] In Step 603, the storage subsystem receives the frame containing the Inquiry command that each host computer transmits in order to learn the condition of the logical units inside the storage subsystem. Receiving this frame, the storage subsystem extracts the S_ID from the frame header and the LUN that is the object of the Inquiry command from the data field. Subsequently, the storage subsystem searches the WWN_S_ID_GID conversion table using the S_ID as the key and acquires the GID corresponding to this S_ID.
[0054] In Step 604, the storage subsystem searches the LUN access management table for the LUN that is the object of the Inquiry command, using the resulting GID as the key. In Step 605, it is judged whether or not a LUN corresponding to the GID was acquired as a result of Step 604. When it was acquired, that is, when a LUN corresponding to the GID exists in the LUN access management table, access to the LUN by the host computer group to which the present host computer belongs is permitted. When the LUN does not exist in the table, on the other hand, access to the LUN by the host computer group to which the present host computer belongs is rejected.
[0055] When access to the LUN by the host computer is permitted as a result of Step 605, the storage subsystem in Step 606 sets "LUN package" (the setting indicating that access is possible) in the Inquiry data answering the Inquiry command generated by the host computer, and then transmits the Inquiry data. When access to this LU is rejected, on the other hand, the storage subsystem sets "LUN non-package", indicating that access is not permitted, in the Inquiry data answering the Inquiry command generated by the host computer, and transmits the Inquiry data.
[0056] Receiving the Inquiry data, the host computer analyzes the frame. When it recognizes from the analysis that access to the virtual LUN of the storage subsystem is permitted, the host computer can subsequently continue to generate commands (I/O requests) to this LUN. In this case, the storage subsystem can continue to receive commands to the LU as long as the login from the host computer remains effective, as expressed by Step 608.



[0057] On the other hand, recognizing that access to the LUN is rejected, the host computer does not access the LU again as long as the login to the storage subsystem remains effective. Hereinafter, the method for controlling access approval/rejection from the host computer to a specific LUN inside the storage subsystem will be called "LUN security in the invention".
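The following Python is an added model of the tables and judgment of Fig. 6 (Steps 601 to 608) for one port; it is not code from the patent. Beyond what the text states, it assumes that each group's permitted LUNs are numbered from 0 on the host side and mapped to internal LU identifiers (one reading of the "virtual LUN" of [0056]), that a login from an unregistered WWN is accepted and recorded with the non-defined GID of [0052], and that a never-logged-in or undefined S_ID is rejected at every LU. The WWN values, S_IDs and LU numbers in sample_port are constructed.

```python
"""Added example: LUN access management table, WWN_S_ID_GID conversion table and the
access judgment of Fig. 6, for a single storage port."""
from typing import Dict, Iterable, Optional, Tuple

UNDEFINED_GID: Optional[int] = None          # the "non-defined ID" of [0052]


def inquiry_byte0(qualifier: int, devtype: int) -> int:
    """Inquiry data byte 0: peripheral qualifier (bits 7-5) | peripheral device type (bits 4-0)."""
    return ((qualifier & 0x7) << 5) | (devtype & 0x1F)


LU_PRESENT = inquiry_byte0(0b000, 0x00)      # connected, direct-access device: host may issue I/O
LU_ABSENT = inquiry_byte0(0b011, 0x1F)       # not capable of a device at this LUN: host stops


class LunSecurityPort:
    def __init__(self) -> None:
        # LUN access management table (Step 601), held as two indexed parts:
        #   WWN -> GID, and GID -> {host-visible LUN: internal LU id}   (mapping is an assumption)
        self.wwn_to_gid: Dict[int, int] = {}
        self.gid_to_luns: Dict[int, Dict[int, int]] = {}
        # WWN_S_ID_GID conversion table (Step 602): S_ID -> (WWN, GID), valid from PLOGI to LOGO
        self.sid_table: Dict[int, Tuple[int, Optional[int]]] = {}

    # Step 601: entered by the user from the maintenance terminal
    def define_group(self, gid: int, wwns: Iterable[int], lun_map: Dict[int, int]) -> None:
        for w in wwns:
            if w in self.wwn_to_gid and self.wwn_to_gid[w] != gid:
                raise ValueError(f"WWN {w:#018x} already belongs to group {self.wwn_to_gid[w]}")
            self.wwn_to_gid[w] = gid
        self.gid_to_luns[gid] = dict(lun_map)

    # Step 602: on every PLOGI, resolve WWN -> GID once and remember it under the S_ID
    def plogi(self, wwn: int, s_id: int) -> Optional[int]:
        gid = self.wwn_to_gid.get(wwn, UNDEFINED_GID)
        self.sid_table[s_id] = (wwn, gid)     # login itself is accepted; security is applied per LU
        return gid

    def logo(self, s_id: int) -> None:
        self.sid_table.pop(s_id, None)        # the S_ID is only meaningful while logged in

    # Steps 603-605: judgment keyed by the 3-byte S_ID, not the 8-byte WWN ([0016])
    def resolve(self, s_id: int, lun: int) -> Optional[int]:
        entry = self.sid_table.get(s_id)
        if entry is None:                     # frame from a port that never logged in
            return None
        _wwn, gid = entry
        if gid is UNDEFINED_GID:              # WWN not in any user-defined group
            return None
        return self.gid_to_luns.get(gid, {}).get(lun)   # internal LU id, or None if not permitted

    # Steps 606-607: what goes into the Inquiry data for this host and LUN
    def inquiry(self, s_id: int, lun: int) -> int:
        return LU_PRESENT if self.resolve(s_id, lun) is not None else LU_ABSENT

    # Step 608 and [0040]: the same judgment guards Read/Write; returns the internal LU or None
    def io(self, s_id: int, lun: int) -> Optional[int]:
        return self.resolve(s_id, lun)


def sample_port() -> LunSecurityPort:
    """Constructed configuration: two OS groups under one port, each seeing its own LU0."""
    p = LunSecurityPort()
    p.define_group(0, [0x5000_0000_0000_0001, 0x5000_0000_0000_0002], {0: 10, 1: 11, 2: 12})
    p.define_group(1, [0x5000_0000_0000_0003], {0: 20, 1: 21})
    return p
```

Because the conversion table is filled at PLOGI and dropped at LOGO, the per-command path is two dictionary lookups on a 24-bit key, which is the speed argument of [0016]; the cost of the WWN comparison is paid once per login rather than once per frame.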
[0058] Next, the technical problems will be explained 
in further detail with reference to Figs. 7 to 10, and the 
invention will be explained with reference to Fig. 11 and 
so forth. 

[0059] First, generation of the "LUN access management table" in Step 601 will be explained. It will be assumed that LUN security in the invention is managed for each port of the storage subsystem and that the host computer gains access to the LUs inside the storage subsystem through this port. The most simplified method disposes inside the storage subsystem a table 701, shown in Fig. 7, that defines the correspondence between the WWN as the information primarily identifying a host computer and the LUNs to which that host computer is permitted access. This works without any problem when the host computer and the storage subsystem are connected through a dedicated line, and the function can be accomplished.

[0060] In table 701, the storage areas inside the storage subsystem are arbitrarily numbered under a single port and the logical unit numbers (LUN) are allocated as such to the WWNs of the host computers. In Fig. 7, the host computer WWN702 is permitted to gain access to only LU0 to LU2. The host computer WWN703 is permitted to gain access to only LU3 and LU4, and the host computer WWN704 to only LU5 and LU6.
[0061] Therefore, the host computers other than WWN702 cannot gain access to LU0 to LU2, and LUN security in the invention can be accomplished.
[0062] However, in the latest complicated usage environments, where devices such as Fiber Channel hubs and switches are interposed between the host computers and the storage subsystem, table 701 alone is not sufficient. This is because most existing host computers, when they fail to gain access to LU0 of the storage subsystem to which they are connected, make no inquiry at all for the LUs of the same system after LU0 (since one system comprises 8 LUs according to the SCSI-2 standard, LU0 to LU7 form the same system).

[0063] When access is made from the host computers, the stipulation method of table 701 does not permit the host computers 703 and 704 to gain access to LU0, even though LUNs permitting access are stipulated for them. In consequence, these host computers cannot refer to the LUNs stipulated for them in table 701. Such a phenomenon remarkably lowers the utilization efficiency of an apparatus capable of providing abundant storage resources, such as a disk array apparatus, and the storage resources are wasted.
[0064] If the host computers 703 and 704 are permitted to gain access to LU0 to prevent such a phenomenon, the exclusivity of LU0 disappears and security is not ensured. Even if access to LU0 is permitted, it is difficult for the host computers 703 and 704 to share LU0 if they have different OS, due to the difference in OS formats.

[0065] It will be assumed in Fig. 7, on the other hand, that there is a group of host computers having WWN705 to 707 that are capable of inquiring about the existence of every LUN even when the definition of LU0 does not exist under the port of the storage subsystem. Here, the host computer of WWN705 is permitted to gain access to only LU0, 1 and 7, the host computer of WWN706 to only LU3, 5 and 6, and the host computer of WWN707 to only LU2 and 4.

[0066] Fig. 8 visually shows this condition. Host computers 802 to 804 correspond to the host computers having WWN705 to 707 in Fig. 7. The host computers 802 to 804 are connected to the same port 806 of the storage subsystem through a Fiber Channel hub, switch or router 805. When the access-object LUNs are defined without a plan for each host computer 802 to 804, or a LUN different from the one previously allocated is allocated as the access object, in such a usage environment the LUN representation loses flexibility in a storage subsystem such as 801, which presents to the host computers, as such, LUNs arbitrarily numbered under the same port inside the storage subsystem; the LUNs subordinate to this port appear dispersed, as in LU group 807, and become difficult to manage.
[0067] On the other hand, some of the latest host 
computers recognize nine or more LU under the subor- 
dinates to one port of the storage subsystem. When 
LUN security is executed between such host computers 
and the host computers that support only eight LUN 
such as LUO to 7 under one port of the storage subsys- 
tem as in the prior art, the following problems arise. 
[0068] Referring to Fig. 9, the explanation will be given for the case where the host computers having WWN902 and 904 have a mechanism for inquiring about the existence of each LU even though LU0 does not exist under the port of the connected storage subsystem 1001, and recognize up to 16 LU under the port of the connected storage subsystem 1001.

[0069] It will be assumed that the host computer having WWN903 can inquire about the existence of each LU even though LU0 does not exist under the port of the connected storage subsystem 1001, but that the range of LU it can support is 8, that is, LU0 to 7. As can be seen from the table 901, the host computer having WWN902 is permitted to gain access within the range of LU0 to 5, the host computer having WWN903 within the range of LU6 to 10, and the host computer having WWN904 within the range of LU11 to 15. Fig. 10 visually shows this condition.

[0070] Host computers 1002 to 1004 correspond to the host computers having WWN902 to 904 in Fig. 9. The host computers 1002 to 1004 are connected to the same port 1006 of the storage subsystem 1001 through a hub, switch or router 1005 compatible with the Fiber Channel. When LU inside the storage subsystem are allocated to the host computers 1002 to 1004 as in the LU group 1008, only the range of LU0 to 5 in the LU group 1008 appears as the access-permitted object to the host computer A 1002, and only the range of LU11 to 15 in the LU group 1008 appears as the access-permitted object to the host computer C 1004. In either case, the object of LUN security is achieved. However, because the host computer B 1003 can originally recognize only up to 8 LU, within the range of LU0 to 7, under one port, it can make inquiries only within the range of the LU group 1007. Therefore, even when access to LU6 to 10 is permitted in the table 901, the host computer B 1003 can practically gain access only to LU6 and 7. This problem occurs because the LU arbitrarily numbered under the same port inside the storage subsystem are given to the host computers as they are.

[0071] In view of the problems described above, the present invention defines the "LUN access management table" 1101 shown in Fig. 11. The table 1101 is different from the table 701 shown in Fig. 7 and the table 901 shown in Fig. 9, which merely and directly allocate to WWN the LUN arbitrarily numbered under the same port inside the storage subsystem.

[0072] The table 1101 associates the WWN of the host computers that may gain access with a GID (Group ID) allocated to these host computer groups when the user arbitrarily groups them, and assigns to these host computer groups the logical unit numbers (LUN), which the user can set arbitrarily, of the storage areas inside the storage subsystem to which access can be permitted.

[0073] This table is generated per port of the storage subsystem. In a storage subsystem defining this "LUN access management table" 1101, LUN can be flexibly numbered and given, in accordance with the user's desired form of use, to the host computer groups the user has arbitrarily grouped.

[0074] When the OS differ, the logical format of the LU generally differs, too. Therefore, an LU cannot be shared among different OS. For this reason, the groups the user registers in the "LUN access management table" 1101 are generally host computer groups having the same OS mounted.

[0075] When the user's desired use conditions (such as an exchange bus construction, a cluster construction among host computers, etc.) are incorporated in further detail into this host computer group registration, so-called "user friendliness" can be further improved and, at the same time, the storage area inside the storage subsystem can be utilized more efficiently. A detailed setting example of the "LUN access management table" 1101 will be explained with reference to Fig. 11.
[0076] In the table 1101, the host computer group having WWN1112 to WWN1114 has the same OS kind 1 mounted and is categorized as Group A 1105. Access to LU0 to 3 inside the storage subsystem is permitted to this host computer group. Storage area numbers 0 to 3 (hereinafter called "#0 to 3") are allocated to these LU0 to 3 inside the storage subsystem.

[0077] A host computer group having WWN1115 to WWN1117 has the same OS kind 2 and is categorized as Group B 1106. Though it seems that access to LU0 to 3 is also permitted to this host computer group, the storage areas #60 to 63 are allocated to these LU0 to 3 inside the storage subsystem, so they are kept exclusive from the storage areas used by Group A 1105 described above. In this way, LUN security in the invention is achieved.

[0078] On the other hand, a host computer group having WWN1118 to WWN1121 is categorized as Group C 1107 but is a mixture of a host computer group having an OS kind 3 mounted and a host computer group having an OS kind 4 mounted. Generally, an LU cannot be shared among computer groups whose OS kinds differ, because their logical formats differ. When different OS kinds that can share an LU exist, however, such grouping is possible. It seems that access to LU0 to 5 is permitted contiguously in Group C 1107. In practice, the discrete storage areas #7, 11, 70, 79, 87 and 119 are allocated.

[0079] A host computer group having WWN1122 and 1123 is categorized as Group D 1108, but this host computer group has different OS kinds mounted, that is, an OS kind 5 and an OS kind 6. The host computer group D 1108 has an advanced architecture capable of discretely recognizing other LU even when LU0 does not exist under the port to be accessed. Therefore, the accessible LU are defined by the complicated representation LU50, LU51 and LU62. Storage areas #40, 99 and 100 are allocated to these accessible LU.

[0080] Group registration in the "LUN access management table" 1101 need not necessarily involve a plurality of host computers. When it is desired, for example, to stipulate the LU to which access is singly permitted for the host computer WWN1124, Group E 1109 including only that one host computer needs to be registered. The resolution of the host computers for which access is permitted can thus be improved. Access to LU0 to 1 is permitted to Group E 1109, and the storage areas #4 and 5 are allocated.

[0081] A solution to the limitation problem that has arisen in the recent SAN environment will be shown. The host computer of WWN1125 and the host computer 1126 are categorized as Group F 1110 having an OS kind 7 that can recognize only 256 LU under a single port. It will be assumed that in practice a user's request exists for recognizing 512 LU under the single port. In this case, the host computer of WWN1125 and the host computer 1126 are registered again as a separate Group G 1111. Since both host computers can recognize at most 256 LU, LU0 to 255 for Group F 1110 and LU0 to 255 for Group G 1111 are defined as access-permitted LU. The storage areas #0 to 255 are allocated to LU0 to 255 of Group F 1110, and the storage areas #256 to 512 are allocated to LU0 to 255 of Group G 1111. In this way, 512 LU are given without changing the existing processing, limitation and other functions of the host computers, and the LUN security function of the invention is accomplished.

[0082] Finally, a setting pattern different from those described above will be explained. The host computers of WWN1129 and WWN1130 and the host computers of WWN1131 and WWN1132 are host computers that have the same OS kind 8 but exist on different floors. It will be assumed that a manager handling these host computers desires to give files and applications to these four host computers through different access LUN, but that the entity given has the same content in the same storage area. In such a case, the settings of Group H 1127 and Group I 1128 of the table 1101 may be employed. In this case, LU0 and 1 are given to Group H 1127 and LU4 and 5 to Group I 1128, but the practical reference destination storage areas # are the same 10 and 11. Access from other host computers is rejected. In this way, the LUN security function according to the invention can be provided to satisfy the object of the manager.

[0083] Grouping of the host computers by using the "LUN access management table" of the invention and the association of LUN have thus been given concretely. This can be visually shown in Fig. 13. The corresponding "LUN access management table" 1201 is shown in Fig. 12.

[0084] Referring to the table 1201, the LU group 1204 permitting access to each host computer group 1205 to 1207 has in practice an entirely random arrangement, as represented by the storage area group 1303 shown in Fig. 13. However, when it is mapped to the LU group 1204 of the table 1201, it takes the condition of the LU group 1302 shown in Fig. 13, and LU can be given without causing the host computer groups 1307 to 1309 to be aware of the practical arrangement condition 1303 of the storage area groups inside the storage subsystem. Incidentally, the host computer groups 1307 to 1309 in Fig. 13 correspond to the host computer groups 1205 to 1207 in Fig. 12.

[0085] In this way, LUN security in the invention can be accomplished without changing the existing processing, limitation and other functions of the host computers, and flexible and efficient utilization of the storage subsystem resources becomes possible.

[0086] Because grouping of the host computers is accomplished as described above, connection interface information 1310 to 1312 (Fig. 13) can be set for each host computer group under the single port inside the storage subsystem 1301.

[0087] Connection interface information represents, for example, the reception I/O of the storage subsystem, the depth of the reception queue and the response content of Inquiry. In the storage subsystems according to the prior art, the interface information under a single port is generally single.

[0088] As represented by Steps 1401 to 1403, the "LUN access management table" 1101 or 1201 according to the invention is defined for all the ports of the storage subsystem and is then stored in the nonvolatile memory inside the storage subsystem. Because the table is stored in nonvolatile memory, it is not lost even when the power supply of the storage subsystem is cut off. The table may also be stored in a predetermined storage device 115 (storage device 101 in Fig. 1).

[0089] Next, the login processing from the host computer to the storage subsystem will be explained. In this embodiment, GID (Group ID) is acquired, through a series of login processing, from the WWN uniquely identifying the host computer, and is made to correspond to the S_ID that uniquely identifies the host computer in use after this login.

[0090] When the host computer is activated, the storage subsystem receives the PLOGI frame in Step 1501 in Fig. 15. Receiving the PLOGI frame, the storage subsystem acquires the S_ID of the host computer from the frame header in Step 1502 and the WWN (N_Port_Name) of the host computer from the data field in Step 1503. Subsequently, in Step 1504, the storage subsystem generates and records this WWN, S_ID and GID (Group ID) in the "WWN_S_ID_GID conversion table" 1601 shown in Fig. 16, and holds them in the nonvolatile memory inside the storage subsystem in Step 1505. Here, GID is acquired by retrieving the "LUN access management table" generated by the user with WWN as the key, as described above. The "WWN_S_ID_GID conversion table" 1601 is generated for each storage subsystem.

[0091] When the host computer having a WWN registered in this table subsequently transmits a command, the storage subsystem acquires the S_ID from its frame header and can determine the GID corresponding to the S_ID by using the "WWN_S_ID_GID conversion table" 1601. Having stored this "WWN_S_ID_GID conversion table" 1601 in the nonvolatile memory, the storage subsystem transmits, in Step 1506, an ACC frame representing that the login of the host computer is approved. Receiving the ACC frame from the storage subsystem, the host computer can thereafter issue the Inquiry command to the storage subsystem.

[0092] Next, reception of the Inquiry command from the host computer and the security response of the storage subsystem to it will be explained. Figs. 17 and 18 show the flow of the series of processing, and Fig. 19 shows the reference relation of each table and the parameters used in the flow of processing.

[0093] In Step 1701 in Fig. 17, the storage subsystem receives an FCP_CMND frame as stipulated for the Fiber Channel from the host computer. Then, the storage subsystem analyzes the content of the data frame of this FCP_CMND in Step 1702.

[0094] Subsequently, the storage subsystem checks in Step 1703 whether or not the content of this FCP_CMND is the Inquiry command. When it is not the Inquiry command, the storage subsystem executes the processing corresponding to the command in Step 1704. When it is the Inquiry command, on the other hand, the storage subsystem acquires the S_ID of the host computer from the header of this FCP_CMND frame in Step 1705 and then acquires the object LUN from the FCP_LUN of the data field of this FCP_CMND in Step 1706.

[0095] In the subsequent Step 1707, the storage subsystem retrieves the "WWN_S_ID_GID conversion table" 1601 shown in Fig. 16 by using the resulting S_ID as the key and acquires the GID corresponding to this S_ID. The flow up to this step represents the reference operation of Steps 1901, 1902 and 1903 in Fig. 19.

[0096] When the GID for this S_ID is not retrieved from the table 1601 in Step 1903, the user has not registered any LUN to which access is permitted for the host computer, and access to the LUN requested by the host computer is rejected.

[0097] In the subsequent Step 1708 (Fig. 17), the information on the access-permitted LUN is acquired for this GID. In Step 1801 (Fig. 18), it is judged whether or not the LUN acquired from the Inquiry command of the host computer having this GID is registered as an access-permitted LUN in the "LUN access management table". The flow up to this step represents the reference operation of Steps 1904 and 1905 in Fig. 19.

[0098] The reference operation in Steps 1904 to 1905 retrieves the LUN to which access is permitted, starting from the S_ID, by using GID as the key. Since this GID is an attribute of a group of individual WWN, the ratio of GID to access-permitted LUN is generally many to one. Compared with the relation in the prior art, where LUN security uses WWN as the key and the ratio of WWN to access-permitted LUN is one to one, the resolution on the side of the host computer drops, but the retrieval operation becomes easier and is generally faster.

[0099] When the LUN acquired in Step 1706 is registered in the entry of the "LUN access management table" (Figs. 11 and 12), access from the host computer to this LUN is permitted. Therefore, in Step 1802 (Fig. 18), the storage subsystem sets the binary value "000" in the qualifier of the Inquiry data for the response to the host computer, and the device type code of the storage subsystem in the device type.

[0100] On the other hand, when the LUN acquired in Step 1706 is not registered as a virtual LUN in the corresponding entry of the "LUN access management table", access from the host computer to this virtual LUN is rejected. Therefore, in Step 1803, the storage subsystem sets the binary value "001" or "011" in the qualifier of the Inquiry data for the response to the host computer, and the hexadecimal value "1F" in the device type.

[0101] Next, in Step 1804, the storage subsystem sets the Inquiry data for the response in the FCP_DATA frame and transmits it to the host computer. In the subsequent Step 1805, the storage subsystem transmits an FCP_RSP frame representing the completion of the response to the Inquiry command of the host computer.

[0102] Following Steps 1802 and 1804 in Fig. 18, the host computer that receives the FCP_DATA including the Inquiry data from the storage subsystem judges that access to the corresponding LUN is possible, and can continue the access without inquiring again thereafter about access approval/rejection for this LUN. Here, the LUN to which the host computer gains access is in practice the storage area # inside the storage subsystem that is uniquely associated with the LUN.

[0103] On the other hand, the host computer that receives the FCP_DATA including the Inquiry data from the storage subsystem following Steps 1803 to 1804 judges that access to this LUN is not possible, does not inquire again about access approval/rejection for this LUN, and does not try to gain access, either.
[0104] In this embodiment, it is only at the time the Inquiry command is generated that the host computer inquires about access approval/rejection for a LUN. In other words, while the login remains effective, this inquiry need not be repeated. In consequence, strong LUN security can be accomplished without lowering the data transfer efficiency between the host computer and the storage subsystem.

[0105] Incidentally, when a function f having the correspondence "storage area # = f(GID, LUN)" is set for the mapping from LUN to the storage area # inside the storage subsystem, a valid storage area # is output for valid GID and LUN values but not for other values.

[0106] Here, f(n, m) is a function that performs the mapping conversion from the LUN given to the host computer to the storage area # inside the storage subsystem, using GID and LUN as the parameters. Consequently, in the Write and Read commands subsequent to the Inquiry command, the access approval/rejection check can be executed with minimum overhead during the conversion from the designated LUN to the storage area #, without calling for the retrieval operation of Steps 1901 to 1905.
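The following is an added example, not the patent's own code: a Python model of the login, Inquiry and f(GID, LUN) flow of [0089] to [0106], run over a table built from Groups A, B, D, H and I of Fig. 11. The class and function names, the S_ID values, the use of the figure's reference numerals (WWN1112 and so on) as stand-ins for real 64-bit WWNs, and the device type 00h returned on a permitted Inquiry are assumptions of this example.

```python
"""Model of the LUN security flow of [0089] to [0106] (added example, not the
patent's code).  The table is a constructed subset of Fig. 11 (Groups A, B, D,
H and I); the figure's reference numerals (WWN1112 ...) stand in for real
64-bit WWNs and the S_ID values are made-up samples."""
from dataclasses import dataclass

# Inquiry response fields from [0099] and [0100]: peripheral qualifier 000b with
# the subsystem's device type on permit, qualifier 001b (or 011b) with device
# type 1Fh on reject.  Device type 00h (direct-access disk) is assumed here.
QUAL_CONNECTED, QUAL_NOT_SUPPORTED = 0b000, 0b001
DEVTYPE_DISK, DEVTYPE_NONE = 0x00, 0x1F
OP_INQUIRY, OP_READ10, OP_WRITE10 = 0x12, 0x28, 0x2A   # SCSI CDB opcodes


@dataclass
class Group:
    gid: int
    os_kinds: frozenset
    wwns: frozenset
    lun_to_area: dict       # host-visible LUN -> storage area # in the subsystem


class LunAccessTable:
    """The 'LUN access management table' (Fig. 11) of one storage port."""

    def __init__(self):
        self.groups = {}

    def register(self, gid, os_kinds, wwns, lun_to_area):
        self.groups[gid] = Group(gid, frozenset(os_kinds), frozenset(wwns),
                                 dict(lun_to_area))

    def gid_for_wwn(self, wwn):
        """Search the table with WWN as the key ([0090]); None if unregistered."""
        for group in self.groups.values():
            if wwn in group.wwns:
                return group.gid
        return None

    def f(self, gid, lun):
        """storage area # = f(GID, LUN) of [0105]: defined only for valid pairs."""
        group = self.groups.get(gid)
        return None if group is None else group.lun_to_area.get(lun)


class StoragePort:
    def __init__(self, table):
        self.table = table
        self.s_id_to_gid = {}   # the 'WWN_S_ID_GID conversion table' (Fig. 16)

    def plogi(self, s_id, wwn):
        """Steps 1501 to 1506: bind S_ID to GID at login.  ACC is sent either
        way; an unregistered host is only turned away at the Inquiry ([0096])."""
        self.s_id_to_gid[s_id] = self.table.gid_for_wwn(wwn)
        return "ACC"

    def resolve(self, s_id, lun):
        """LUN -> storage area # for a logged-in S_ID, or None when rejected."""
        gid = self.s_id_to_gid.get(s_id)
        return None if gid is None else self.table.f(gid, lun)

    def fcp_cmnd(self, s_id, fcp_lun, cdb):
        """Steps 1701 to 1805: dispatch one FCP_CMND by its CDB opcode."""
        if cdb[0] == OP_INQUIRY:
            if self.resolve(s_id, fcp_lun) is not None:
                return ("INQUIRY", QUAL_CONNECTED, DEVTYPE_DISK)      # Step 1802
            return ("INQUIRY", QUAL_NOT_SUPPORTED, DEVTYPE_NONE)      # Step 1803
        if cdb[0] in (OP_READ10, OP_WRITE10):
            # After the Inquiry no table search is repeated: the f(GID, LUN)
            # conversion itself decides approval or rejection ([0106]).
            return ("IO", self.resolve(s_id, fcp_lun))
        return ("OTHER", None)                                        # Step 1704


def build_fig11_table():
    """Constructed subset of the Fig. 11 settings ([0076] to [0082])."""
    table = LunAccessTable()
    table.register(1, [1], ["WWN1112", "WWN1113", "WWN1114"],   # Group A 1105
                   {0: 0, 1: 1, 2: 2, 3: 3})
    table.register(2, [2], ["WWN1115", "WWN1116", "WWN1117"],   # Group B 1106:
                   {0: 60, 1: 61, 2: 62, 3: 63})                  # same LUN, other areas
    table.register(4, [5, 6], ["WWN1122", "WWN1123"],           # Group D 1108
                   {50: 40, 51: 99, 62: 100})
    table.register(8, [8], ["WWN1129", "WWN1130"], {0: 10, 1: 11})   # Group H 1127
    table.register(9, [8], ["WWN1131", "WWN1132"], {4: 10, 5: 11})   # Group I 1128:
    return table                                                     # same areas as H


if __name__ == "__main__":
    port = StoragePort(build_fig11_table())
    INQUIRY = bytes([OP_INQUIRY, 0, 0, 0, 0x24, 0])
    READ = bytes([OP_READ10]) + bytes(9)
    port.plogi(0x010200, "WWN1112")                  # a Group A host logs in
    print(port.fcp_cmnd(0x010200, 2, INQUIRY), port.fcp_cmnd(0x010200, 4, INQUIRY))
    print(port.fcp_cmnd(0x010200, 0, READ))
```

Groups A and B both see LU0 to 3 but resolve to disjoint storage areas, while Groups H and I reach the same areas #10 and 11 under different LUN, which is the aliasing of [0082].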

[0107] As described above, when the method is employed that handles a plurality of host computer groups under the same port and allows the user to arbitrarily select and set the allocation of LU per group, LUN security can be accomplished with high-speed judgment logic and with high utilization efficiency of the memory area inside the storage subsystem, without changing the existing processing, limitation and other functions on the side of the host computer.

[0108] This embodiment has been described with the Fiber Channel as an example. To practice the invention, however, it is not particularly limited to the Fiber Channel, and the kind of protocol environment is not restricted so long as it can provide equivalent functions. As to the storage subsystem, too, this embodiment has been described mainly on the assumption of a disk array apparatus, but the apparatus can be an ordinary magnetic disk apparatus, and an optical disk library or tape library capable of interfacing with the storage system can replace the disk array apparatus.
[0109] The invention can be executed among a plurality of storage subsystems in consideration of the recent virtualization of the SAN environment. In this case, the invention has a construction in which the definition and setting of each of the tables described above are executed on one storage subsystem, communication paths are disposed so that the definition/setting can be transmitted to the logical units inside the other storage subsystems, and one storage subsystem executes centralized control.

[0110] Such centralized control and definition of the necessary tables need not always be executed on a specific storage subsystem but may be provided by program processing on the host computer or by internal processing on a switching hub or a router, so long as the storage subsystems are connected by a common interface such as the Fiber Channel and the logical units inside the plurality of storage subsystems can be recognized.

[0111] When LUN security according to the invention is accomplished among a plurality of storage subsystems connected by a network such as the Fiber Channel, the storage subsystems having the ports for connecting the storage subsystems that include the access-permitted logical units, the host computer groups, and the switch or router need not be built into the same casing.

[0112] The invention uses the management table inside the storage subsystem and gives the logical units inside the storage subsystem to the host computer groups that are arbitrarily grouped by the user in accordance with the user's desired form of operation, limits access approval/rejection to the LU inside the storage subsystem per group and, at the same time, can provide a security function capable of setting the connection interface per group under the single port of the storage subsystem without changing the existing processing, limitation and other functions of the computer.

[0113] Furthermore, since the access approval/rejection judgment for the LU inside the storage subsystem can be known at the time an inquiry command such as the Inquiry command is generated, and this judgment need not be repeated thereafter, the strong security function for the LU can be secured while the storage subsystem is kept operating with high performance.

[0114] It should be further understood by those skilled in the art that the foregoing description has been made on embodiments of the invention and that various changes and modifications may be made in the invention without departing from the spirit of the invention and the scope of the appended claims.



EP 1 276 034 A2 



Claims

1. A storage subsystem (101) including:

ports (102 to 104) to which an interface (113) for connecting a plurality of computers (105 to 107) can be applied;

logical units (1302) accessible from said computers through said ports;

one or a plurality of storage devices (115) for storing data to be stored in said logical units; and

a storage control device (116) for controlling write/read of data to and from said storage device;

wherein said computers gaining access to said logical units are grouped into groups (1105 to 1128, 1205 to 1207) with overlapping permitted;

one or a plurality of said logical units (1104, 1204) is allocated to each of said groups; and

a management table (Figs. 11 and 12) for associating said logical units allocated with storage areas of said storage devices with overlapping permitted is provided.

2. A storage subsystem according to claim 1, wherein said management table includes interface information (1310 to 1312) for associating each of said groups of said computers grouped with said logical units allocated.

3. A storage subsystem according to claim 1, which further includes a communication control unit (121) capable of connecting maintenance terminal equipment (123), and wherein said maintenance terminal equipment is connected to said communication control unit through a communication line so that the content of said management table can be changed.

4. A storage subsystem according to claim 1, wherein said logical units allocated and the storage areas of said storage device are associated with one another with overlapping permitted so that security in the unit of said logical units of each of said groups can operate.

5. A storage subsystem according to claim 1, which has functions such that information (1112 to 1132, 1208 to 1215) specifying a computer transmitting a command is extracted from said command accessed through said port, an access to said logical unit allocated is permitted when said specifying information exists in said management table, by judging that said computer is said grouped computer, and the access to said accessible logical unit is not permitted when said specifying information does not exist in said management table, by judging that said computer is not said grouped computer.

6. A storage subsystem according to claim 5, wherein said functions are caused to operate only at the time of generation of the inquiry command by said computer, and after the access to said allocated logical unit is once permitted, the command from said computer making the inquiry is accepted.

7. A storage subsystem according to claim 6, wherein, after the access to said allocated logical unit is once permitted, a group number of said computer making the inquiry is used to associate the number of said logical unit and the number of the storage area of said storage device corresponding to said logical unit.

8. A storage subsystem (1301) including:

a port (1304) to which an interface (1306) for connecting a plurality of computers or said storage subsystem can be applied;

a logical unit (1302) accessible from said computers through said ports;

one or a plurality of storage devices (115) for storing data to be stored in said logical units; and

a storage control device (116) for controlling write/read of data to and from said storage device;

wherein said computers gaining access to said logical units are grouped into groups (1105 to 1128, 1205 to 1207) with overlapping permitted;

one or a plurality of said logical units (1104, 1204) is allocated to each of said groups; and

a management table (Figs. 11 and 12) for associating said logical units allocated with the storage areas of said storage devices with overlapping permitted is conjointly used with said storage subsystem connected through said ports.

9. A storage subsystem (1306) including:

a port (1304) to which an interface (1306) for connecting a plurality of computers, hubs, switches or routers can be applied;

a logical unit (1302) accessible from said computers through said ports;

one or a plurality of storage devices (115) for storing data to be stored in said logical units; and

a storage control device (116) for controlling write/read of data to and from said storage device;

wherein said computers gaining access to said logical units are grouped into groups (1105 to 1128, 1205 to 1207) with overlapping permitted;

one or a plurality of said logical units (1104, 1204) is allocated to each of said groups; and

a management table (Figs. 11 and 12) for associating said logical units allocated with the storage areas of said storage devices with overlapping permitted is conjointly used with said computers, hubs, switches or routers connected through said ports.